Fixes ldapdriver so that it works properly with admin client. It now sanitizes all unicode data to strings before passing it into ldap driver. This may need to be rethought to work properly for internationalization.
This commit is contained in:
Vishvananda Ishaya
@@ -74,6 +74,25 @@ LOG = logging.getLogger("nova.ldapdriver")
|
||||
# in which we may want to change the interface a bit more.
|
||||
|
||||
|
||||
def _clean(attr):
|
||||
"""Clean attr for insertion into ldap"""
|
||||
if attr is None:
|
||||
return None
|
||||
if type(attr) is unicode:
|
||||
return str(attr)
|
||||
return attr
|
||||
|
||||
|
||||
def sanitize(fn):
|
||||
"""Decorator to sanitize all args"""
|
||||
def _wrapped(self, *args, **kwargs):
|
||||
args = [_clean(x) for x in args]
|
||||
kwargs = dict((k, _clean(v)) for (k, v) in kwargs)
|
||||
return fn(self, *args, **kwargs)
|
||||
_wrapped.func_name = fn.func_name
|
||||
return _wrapped
|
||||
|
||||
|
||||
class LdapDriver(object):
|
||||
"""Ldap Auth driver
|
||||
|
||||
@@ -106,23 +125,27 @@ class LdapDriver(object):
|
||||
self.conn.unbind_s()
|
||||
return False
|
||||
|
||||
@sanitize
|
||||
def get_user(self, uid):
|
||||
"""Retrieve user by id"""
|
||||
attr = self.__get_ldap_user(uid)
|
||||
return self.__to_user(attr)
|
||||
|
||||
@sanitize
|
||||
def get_user_from_access_key(self, access):
|
||||
"""Retrieve user by access key"""
|
||||
query = '(accessKey=%s)' % access
|
||||
dn = FLAGS.ldap_user_subtree
|
||||
return self.__to_user(self.__find_object(dn, query))
|
||||
|
||||
@sanitize
|
||||
def get_project(self, pid):
|
||||
"""Retrieve project by id"""
|
||||
dn = self.__project_to_dn(pid)
|
||||
attr = self.__find_object(dn, LdapDriver.project_pattern)
|
||||
return self.__to_project(attr)
|
||||
|
||||
@sanitize
|
||||
def get_users(self):
|
||||
"""Retrieve list of users"""
|
||||
attrs = self.__find_objects(FLAGS.ldap_user_subtree,
|
||||
@@ -134,6 +157,7 @@ class LdapDriver(object):
|
||||
users.append(user)
|
||||
return users
|
||||
|
||||
@sanitize
|
||||
def get_projects(self, uid=None):
|
||||
"""Retrieve list of projects"""
|
||||
pattern = LdapDriver.project_pattern
|
||||
@@ -143,6 +167,7 @@ class LdapDriver(object):
|
||||
pattern)
|
||||
return [self.__to_project(attr) for attr in attrs]
|
||||
|
||||
@sanitize
|
||||
def create_user(self, name, access_key, secret_key, is_admin):
|
||||
"""Create a user"""
|
||||
if self.__user_exists(name):
|
||||
@@ -196,6 +221,7 @@ class LdapDriver(object):
|
||||
self.conn.add_s(self.__uid_to_dn(name), attr)
|
||||
return self.__to_user(dict(attr))
|
||||
|
||||
@sanitize
|
||||
def create_project(self, name, manager_uid,
|
||||
description=None, member_uids=None):
|
||||
"""Create a project"""
|
||||
@@ -231,6 +257,7 @@ class LdapDriver(object):
|
||||
self.conn.add_s(dn, attr)
|
||||
return self.__to_project(dict(attr))
|
||||
|
||||
@sanitize
|
||||
def modify_project(self, project_id, manager_uid=None, description=None):
|
||||
"""Modify an existing project"""
|
||||
if not manager_uid and not description:
|
||||
@@ -249,21 +276,25 @@ class LdapDriver(object):
|
||||
dn = self.__project_to_dn(project_id)
|
||||
self.conn.modify_s(dn, attr)
|
||||
|
||||
@sanitize
|
||||
def add_to_project(self, uid, project_id):
|
||||
"""Add user to project"""
|
||||
dn = self.__project_to_dn(project_id)
|
||||
return self.__add_to_group(uid, dn)
|
||||
|
||||
@sanitize
|
||||
def remove_from_project(self, uid, project_id):
|
||||
"""Remove user from project"""
|
||||
dn = self.__project_to_dn(project_id)
|
||||
return self.__remove_from_group(uid, dn)
|
||||
|
||||
@sanitize
|
||||
def is_in_project(self, uid, project_id):
|
||||
"""Check if user is in project"""
|
||||
dn = self.__project_to_dn(project_id)
|
||||
return self.__is_in_group(uid, dn)
|
||||
|
||||
@sanitize
|
||||
def has_role(self, uid, role, project_id=None):
|
||||
"""Check if user has role
|
||||
|
||||
@@ -273,6 +304,7 @@ class LdapDriver(object):
|
||||
role_dn = self.__role_to_dn(role, project_id)
|
||||
return self.__is_in_group(uid, role_dn)
|
||||
|
||||
@sanitize
|
||||
def add_role(self, uid, role, project_id=None):
|
||||
"""Add role for user (or user and project)"""
|
||||
role_dn = self.__role_to_dn(role, project_id)
|
||||
@@ -283,11 +315,13 @@ class LdapDriver(object):
|
||||
else:
|
||||
return self.__add_to_group(uid, role_dn)
|
||||
|
||||
@sanitize
|
||||
def remove_role(self, uid, role, project_id=None):
|
||||
"""Remove role for user (or user and project)"""
|
||||
role_dn = self.__role_to_dn(role, project_id)
|
||||
return self.__remove_from_group(uid, role_dn)
|
||||
|
||||
@sanitize
|
||||
def get_user_roles(self, uid, project_id=None):
|
||||
"""Retrieve list of roles for user (or user and project)"""
|
||||
if project_id is None:
|
||||
@@ -307,6 +341,7 @@ class LdapDriver(object):
|
||||
roles = self.__find_objects(project_dn, query)
|
||||
return [role['cn'][0] for role in roles]
|
||||
|
||||
@sanitize
|
||||
def delete_user(self, uid):
|
||||
"""Delete a user"""
|
||||
if not self.__user_exists(uid):
|
||||
@@ -332,12 +367,14 @@ class LdapDriver(object):
|
||||
# Delete entry
|
||||
self.conn.delete_s(self.__uid_to_dn(uid))
|
||||
|
||||
@sanitize
|
||||
def delete_project(self, project_id):
|
||||
"""Delete a project"""
|
||||
project_dn = self.__project_to_dn(project_id)
|
||||
self.__delete_roles(project_dn)
|
||||
self.__delete_group(project_dn)
|
||||
|
||||
@sanitize
|
||||
def modify_user(self, uid, access_key=None, secret_key=None, admin=None):
|
||||
"""Modify an existing user"""
|
||||
if not access_key and not secret_key and admin is None:
|
||||
|
||||
Reference in New Issue
Block a user